Jira Orchestration Workflow
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest data from external Jira tickets which could contain malicious instructions.
  - Ingestion points: The agent fetches issue details, acceptance criteria, and linked issues during Phase 1 (EXPLORE) in SKILL.md.
  - Boundary markers: No explicit delimiters or isolation instructions are present to prevent the agent from obeying instructions embedded in the external Jira content.
  - Capability inventory: The agents have broad capabilities including code implementation (Phase 3), test execution (Phase 4), and git commit/PR creation (Phase 6).
  - Sanitization: There is no mention of sanitizing or validating external inputs before they are used to guide agent actions.
- [NO_CODE]: The skill consists exclusively of markdown instructions and does not include any executable scripts or binary files, which eliminates the risk of direct malicious code execution being shipped with the skill itself.